Changeset 9460


Timestamp: 2007-10-29T11:31:16+01:00 (10 years ago)
Author: florian
Message:

Only masquerade non routable addresses (#2535)

File:
1 edited

  • trunk/package/iptables/files/firewall.init

    r7806 r9460  
    106106        [ -z "$WAN" ] || iptables -t nat -A PREROUTING -i "$WAN" -j prerouting_wan 
    107107        iptables -t nat -A POSTROUTING -j postrouting_rule 
    108         [ -z "$WAN" ] || iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE 
     108        ### Only RFC1918 addresses 
     109        [ -z "$WAN" ] || iptables -t nat -A POSTROUTING --src 192.168.0.0/16 -o $WAN -j MASQUERADE 
     110        [ -z "$WAN" ] || iptables -t nat -A POSTROUTING --src 172.16.0.0/12 -o $WAN -j MASQUERADE 
     111        [ -z "$WAN" ] || iptables -t nat -A POSTROUTING --src 10.0.0.0/8 -o $WAN -j MASQUERADE 
    109112 
    110113        iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \ 
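
Review bot: With the three added `--src` MASQUERADE lines (new 109-111) replacing the unconditional rule, packets leaving `$WAN` from any source outside 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 now go out with their original source address, and nothing in the visible lines drops, logs or otherwise handles that case. A LAN numbered outside RFC1918 would silently lose NAT after this change, so either document that limitation next to the `### Only RFC1918 addresses` comment (which currently says what, not why) or add an explicit rule for non-matching sources. Separately, the new lines keep `-o $WAN` unquoted while the PREROUTING rule above uses `-i "$WAN"`; quote it the same way for consistency.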